Report: Many evils lurk in the “dark corners” of the Internet

StopBadware.org's "Trends in Badware 2007" report identify some of the most …

Protecting yourself while surfing the web is essential. Unfortunately, your computer's security is not entirely dependent on the software you're running. Security depends just as much on your surfing habits and the sites you choose to visit—and avoid. A recent report (PDF) from StopBadware.org called "Trends in Badware 2007: What Internet Users Need to Know," stresses the importance of being careful where you click.

Of course, most Ars readers know exactly what kind of sites to avoid: "the dark corners" of the internet, as StopBadware.org labels them. StopBadware.org's report is aimed more at those who are less informed about the dangers of the Internet, those whose malware messes we are often called upon to clean up. It explains the trends of "badware," website identity theft, attack vectors like iFrame-encrypted JavaScript data, rogue software, timed-target attacks, and a host of other commonly used, but often overlooked, website attacks in layman's terms, making it a good read for friends and acquaintances that wonder why banks they don't do business with keep asking them to update their account information.

The report touches on a theme that we've hammered away on for some time: that out-of date software is one of the biggest threats to users. Outdated software is a particular problem because when developers update their software, they often release a patch document that explains all of fixed vulnerabilities. This is incredibly useful to malware writers—they now know all of the ways they can exploit users with outdated software. According to a recent McAfee and NCSA report, only 51 percent of those who use antiviral and antispyware apps actually update their software, leaving 49 percent of users vulnerable to attack.

One of the most surprising statistics in Stopbadware.org's report concerns smaller, personal websites. StopBadware.org's growing list of websites in its "Badware Website Clearinghouse," which is provided by Google, now numbers over 200,000 infected sites.

In order to protect yourself as best you can, StopBadware.org suggests that you run both antivirus and antispyware software, and make sure that you keep it up to date. The site also recommends that users set their OS to automatically install critical updates and use a software or hardware firewall. If you're unsure of what to install, or how to further protect yourself, StopBadware.org also offers a discussion community to help beginners. While it seems rudimentary, the "Trends in Badware" report reinforces the importance of skeptical computing and serves as a reminder to be vigilant against malware.